cpg1.4.10 and Snort
 


Started by mrn, January 22, 2007, 10:11:59 AM


mrn

Hello there

I upgraded my gallery from cpg1.4.X to cpg1.4.10 a few weeks ago, and everything is working OK except that I am receiving a lot of complaints from users who say that when they try to upload a file, the gallery shows a message like:
"The connection was lost, try to connect again"
The users try to connect again, but the browser says:
"The server you are trying to connect is taking too long to response" and they really can't connect again.

After some investigation I discovered that the users are being banned from the web server because Snort is installed on it and it says they are "suspected intruders" because they have attempted id command access via web, as described at this link: http://www.snort.org/pub-bin/sigs.cgi?sid=1333

I commented out the line:

# include $RULE_PATH/web-attacks.rules

in my /etc/snort.conf and now users can upload photos again, but I would like to check for web attacks again, because there are forums and other applications installed on the same server.

Does anybody know if Coppermine really needs the id command or if it can be disabled?
Are there other ways to fix the problem?

Thanks for reading, sorry about my poor English

Regards

Nibbler

It doesn't, must be a false positive.

mrn

Hello Nibbler
I don't know if it is a false or true positive, but the only way users can upload photos to my gallery is by disabling the web-attacks rule, which blocks users because Coppermine uses the id command via web and it's supposed to be an aggression.
Why does Coppermine need to know what users I have on my server?

Thank you

Regards

Nibbler

It doesn't. It is a false positive. Locate and disable the specific rule in the file that causes the problem.
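
One way to carry out the advice above, as an added example that is not part of the original thread: comment out only the rule with SID 1333 (the SID from the link in the first post) so the rest of web-attacks.rules stays active. The function names and the sample rule bodies are constructed for illustration, and the script assumes one rule per line.

```shell
#!/bin/sh
# Added example: disable a single Snort rule by SID instead of the whole rules file.
# Assumes one rule per line (no backslash continuations).

# disable_sid <sid> <rules-file>: comment out the active rule carrying that SID.
disable_sid() {
    sid="$1"; rules="$2"
    # Active (uncommented) line whose option list contains exactly "sid:<sid>;"
    pattern="^[[:space:]]*[^#[:space:]].*[(;][[:space:]]*sid:[[:space:]]*${sid};"
    if ! grep -Eq "$pattern" "$rules"; then
        echo "sid $sid is not active in $rules" >&2
        return 1
    fi
    cp -p "$rules" "$rules.bak"                  # backup for rollback
    sed -E "/${pattern}/ s/^/# /" "$rules.bak" > "$rules"
}

# active_rules <rules-file>: number of rules still enabled.
active_rules() {
    grep -Ec '^[[:space:]]*(alert|log|pass|drop)[[:space:]]' "$1" || true
}

# write_sample_rules <path>: constructed stand-in for web-attacks.rules.
# The rule bodies are invented for the demo; only SID 1333 comes from the thread.
write_sample_rules() {
    cat > "$1" <<'EOF'
# constructed sample rules
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"sample A"; content:"aaa"; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"sample for sid 1333"; content:"bbb"; sid:1333; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"sample C"; content:"ccc"; sid:13330; rev:1;)
EOF
}

# Demo on a temporary copy; point disable_sid at the real file once satisfied.
demo_dir=$(mktemp -d)
write_sample_rules "$demo_dir/web-attacks.rules"
disable_sid 1333 "$demo_dir/web-attacks.rules"
echo "active rules after edit: $(active_rules "$demo_dir/web-attacks.rules")"
rm -rf "$demo_dir"
```

After running it against the real rules file, the `include $RULE_PATH/web-attacks.rules` line in /etc/snort.conf can be uncommented again and Snort restarted so the remaining web-attack rules are enforced.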